I am trying to build an OpenVPN network with a server and a remote client. Both are Linux computers and use Ubuntu.
The server tunnel has been activated properly.
After trying to activate OpenVPN on the client with the command "openvpn --config /etc/openvpn/client.ovpn", I get the warning-error message:
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Nonetheless the client.ovpn and the server.conf have a certificate file.
I copy both.
Client.ovpn:
client
ca /etc/openvpn/ca.crt
dev tun
proto udp
dh /etc/openvpn/dh2048.pem
remote 92.222.86.41 1194
resolv-retry infinite
nobind
persist-key
persist-tun
cert /etc/openvpn/ServerRemoto1.crt
key /etc/openvpn/ServerRemoto1.key
comp-lzo
verb 4
float
server.conf:
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
server 10.10.10.0 255.255.255.0
crl-verify /etc/openvpn/01.pem
ifconfig-pool-persist /etc/openvpn/ipp.txt
route "192.168.0.0 255.255.255.0"
cipher DES-CFB
user root
group nogroup
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3
mute 20
I NEED URGENT HELP!!!!!!
thank you to mercy son
WARNING: No server certificate verification method has been enabled
-
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Apr 27, 2017 10:00 am
Re: WARNING: No server certificate verification method has been enabled
NOTE: The previous line error messages are:
Mon May 1 10:12:58 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
Mon May 1 10:12:58 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Mon May 1 10:12:58 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
-
- OpenVPN Super User
- Posts: 310
- Joined: Tue Apr 12, 2011 6:22 am
Re: WARNING: No server certificate verification method has been enabled
That's just a warning, VPN connectivity should work just fine.
You can use one of the --remote-cert options to have the warning not shown anymore.
client config
remote-cert-tls server
server config
remote-cert-tls client
see the manual for details https://community.openvpn.net/openvpn/w ... n23ManPage
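Added example, not part of the thread: a Python check that reads an OpenVPN client config and reports whether any server certificate verification directive is set, which is the condition the warning describes (without one, the client accepts any certificate signed by its CA as the server). The directive list and the function names are this example's assumptions, drawn from the options the OpenVPN 2.3 manual documents; the sample is the client.ovpn from the first post, abridged.

```python
import shlex

# Client directives that check the server certificate beyond "signed by my CA".
# This list is the example's assumption, taken from the OpenVPN 2.3 manual.
ROLE_CHECKS = {"remote-cert-tls", "ns-cert-type"}   # count only with argument "server"
OTHER_CHECKS = {"remote-cert-eku", "verify-x509-name", "tls-remote", "tls-verify"}

def parse_directives(text):
    """Yield (name, args) per directive, skipping comments and inline <tag> blocks."""
    inline = None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                                  # inside <ca> ... </ca> and similar
            if line == "</" + inline + ">":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            yield tokens[0].lstrip("-"), tokens[1:]

def server_verification(text):
    """Return (is_client, directives that verify the server certificate)."""
    is_client, found = False, []
    for name, args in parse_directives(text):
        if name in ("client", "tls-client"):
            is_client = True
        elif name in ROLE_CHECKS and args[:1] == ["server"]:
            found.append(name)
        elif name in OTHER_CHECKS and args:
            found.append(name)
    return is_client, found

# The client.ovpn from the first post, abridged, as sample input.
PAGE_CLIENT = """client
ca /etc/openvpn/ca.crt
remote 92.222.86.41 1194
cert /etc/openvpn/ServerRemoto1.crt
key /etc/openvpn/ServerRemoto1.key
"""
HARDENED = PAGE_CLIENT + "remote-cert-tls server\n"

if __name__ == "__main__":
    for cfg in (PAGE_CLIENT, HARDENED):
        print(server_verification(cfg))
```

An empty list for a client config corresponds to the state in which OpenVPN prints the warning.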
-
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Apr 27, 2017 10:00 am
Re: WARNING: No server certificate verification method has been enabled
Thanks, but the connection does not work.
I get this error at the end of the messages. I thought it was due to the warning messages, but after reading your comment, it must be another reason. This is the error:
Tue May 2 07:42:14 2017 [VDF] Peer Connection Initiated with [AF_INET]92.222.86.41:1194
Tue May 2 07:42:17 2017 SENT CONTROL [VDF]: 'PUSH_REQUEST' (status=1)
Tue May 2 07:42:17 2017 AUTH: Received control message: AUTH_FAILED
Tue May 2 07:42:17 2017 SIGTERM[soft,auth-failure] received, process exiting
Before that I get confirmation messages about certificates and keys that seem to be OK:
Tue May 2 07:42:12 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
Tue May 2 07:42:12 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Tue May 2 07:42:12 2017 Socket Buffers: R=[163840->131072] S=[163840->131072]
Tue May 2 07:42:12 2017 UDPv4 link local: [undef]
Tue May 2 07:42:12 2017 UDPv4 link remote: [AF_INET]92.222.86.41:1194
Tue May 2 07:42:12 2017 TLS: Initial packet from [AF_INET]92.222.86.41:1194, sid=bd9dfbe6 9efa1f37
Tue May 2 07:42:13 2017 VERIFY OK: depth=1, C=ES, ST=MA, L=SMVDG, O=FIDIAS, OU=DV, CN=VDF, name=EasyRSA, emailAddress=fidias.lam@icloud.com
Tue May 2 07:42:13 2017 Validating certificate key usage
Tue May 2 07:42:13 2017 ++ Certificate has key usage 00a0, expects 00a0
Tue May 2 07:42:13 2017 VERIFY KU OK
Tue May 2 07:42:13 2017 Validating certificate extended key usage
Tue May 2 07:42:13 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue May 2 07:42:13 2017 VERIFY EKU OK
Tue May 2 07:42:13 2017 VERIFY OK: depth=0, C=ES, ST=MA, L=SMDVG, O=FIDIAS, OU=DV, CN=VDF, name=EasyRSA, emailAddress=fidias.lam@icloud.com
Tue May 2 07:42:14 2017 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 2 07:42:14 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 2 07:42:14 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 2 07:42:14 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 2 07:42:14 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
I AM TOTALLY LOST. CAN YOU HELP ME PLEASE??
Thanks
-
- OpenVPN Super User
- Posts: 310
- Joined: Tue Apr 12, 2011 6:22 am
Re: WARNING: No server certificate verification method has been enabled
Looking at your configs, you should stop copy/pasting configs found on the interwebs and read the damn manual.
remove from server config
cipher DES-CFB
route "192.168.0.0 255.255.255.0" - I think you wanted ' push "route 192.168.0.0 255.255.255.0" ' anyway
crl-verify /etc/openvpn/01.pem
remote-cert-tls client - if you added this, since I'm not sure how you created the certificates
remove from client config
comp-lzo
float
dh /etc/openvpn/dh2048.pem
If that doesn't work, see this topic viewtopic.php?f=30&t=22603 about requesting help.
-
- OpenVPN Protagonist
- Posts: 11139
- Joined: Fri Jun 03, 2016 1:17 pm
Re: WARNING: No server certificate verification method has been enabled
TiTex wrote: see this topic viewtopic.php?f=30&t=22603 about requesting help
amen !

Perhaps, if they read their server log they will see why Auth Failed ..
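Added example, not part of the thread: a Python triage of the client log posted above, showing that the server certificate checks passed and the TLS session came up before AUTH_FAILED arrived, so the rejection happened on the server and its cause is in the server log. The function names, stage tags and verdict strings are this example's assumptions; the sample lines are taken from the thread and abridged.

```python
import re

# Lookahead for the timestamp that opens every client log entry.
STAMP = re.compile(
    r"(?=(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d \d{4} )")

# (tag, marker) pairs for the client-side milestones seen in the thread's log.
STAGES = [
    ("server_cert_chain", "VERIFY OK: depth=0"),
    ("key_usage", "VERIFY KU OK"),        # logged only with remote-cert-ku/-tls
    ("ext_key_usage", "VERIFY EKU OK"),   # logged only with remote-cert-eku/-tls
    ("tls_established", "Peer Connection Initiated"),
    ("push_request", "PUSH_REQUEST"),
    ("auth_failed", "AUTH_FAILED"),
]

def entries(log):
    """Split a log into entries, even when two entries are fused on one line."""
    return [e.strip() for e in STAMP.sub("\n", log).splitlines() if e.strip()]

def triage(log):
    """Return (milestones in the order reached, verdict)."""
    reached = []
    for entry in entries(log):
        tag = next((t for t, marker in STAGES if marker in entry), None)
        if tag and tag not in reached:
            reached.append(tag)
    if "tls_established" not in reached:
        verdict = "TLS handshake incomplete: check certificates, keys and reachability"
    elif "auth_failed" in reached:
        verdict = "rejected by server after TLS handshake: reason is in the server log"
    else:
        verdict = "no authentication failure logged"
    return reached, verdict

# Client log lines from the thread, abridged; the fourth line is fused as posted.
SAMPLE = """\
Tue May 2 07:42:13 2017 VERIFY KU OK
Tue May 2 07:42:13 2017 VERIFY EKU OK
Tue May 2 07:42:13 2017 VERIFY OK: depth=0, C=ES, ST=MA, CN=VDF
Tue May 2 07:42:14 2017 [VDF] Peer Connection Initiated with [AF_INET]92.222.86.41:1194Tue May 2 07:42:17 2017 SENT CONTROL [VDF]: 'PUSH_REQUEST' (status=1)
Tue May 2 07:42:17 2017 AUTH: Received control message: AUTH_FAILED
"""

if __name__ == "__main__":
    stages, verdict = triage(SAMPLE)
    print(" -> ".join(stages))
    print(verdict)
```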

-
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Apr 27, 2017 10:00 am
Re: WARNING: No server certificate verification method has been enabled
Less joking around. I will see what you indicate, thanks, and use the sacred word amen with more respect please
thanks again